
As an Ubuntu desktop user, I learned to appreciate adduser’s --encrypt-home option. It adds a new user with an encrypted home directory in a second. On Debian, adduser lacks the --encrypt-home option, so adding a user with an ecryptfs-encrypted home directory takes a few steps. Our roadmap here is to add a user with an unencrypted home directory and then encrypt the home directory afterwards.

Install the ecryptfs utility scripts and their dependencies,

sudo aptitude install ecryptfs-utils

Add a new user with unencrypted home directory,

sudo adduser NEW_USER

Encrypt the home directory by migrating it from unencrypted to encrypted with ecryptfs-migrate-home.

Absolutely mandatory: log in to the new user account now to have ecryptfs’ key encrypted with the new user’s password and written to disk,

sudo login NEW_USER

When logged in as NEW_USER, unwrap ecryptfs’ key and store it in a safe place. This will give you access to your encrypted home directory without the need to log in (e.g. by mounting it).

ecryptfs-unwrap-passphrase

Remove the unencrypted copy of the user’s home directory. The last lines of output of ecryptfs-migrate-home give you the path, along with other useful information you should read through.
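A read-only check to run before that removal, as an added example that is not part of the original post: it confirms the wrapped key and the encrypted data are on disk and lists the unencrypted copies still present. The function names are hypothetical, and the `.ecryptfs/wrapped-passphrase`, `.Private` and `NEW_USER.<random suffix>` names are assumptions about the ecryptfs-utils layout under /home/.ecryptfs/NEW_USER.

```sh
#!/bin/sh
# Added example: read-only check to run before deleting the unencrypted backup.
# Assumed ecryptfs-utils layout under BASE (default /home):
#   BASE/.ecryptfs/USER/.ecryptfs/wrapped-passphrase  key wrapped at first login
#   BASE/.ecryptfs/USER/.Private                      encrypted file store
#   BASE/USER.<random suffix>                         unencrypted backup copy

# Print candidate unencrypted backup directories for USER, one per line.
# The glob can also match an unrelated account such as "USER.other": review it.
list_plain_backups() {
    base=$1; user=$2
    for d in "$base/$user".*; do
        [ -d "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# Succeed only if the wrapped key is on disk and encrypted data exists.
migration_complete() {
    base=$1; user=$2
    store="$base/.ecryptfs/$user"
    if [ ! -s "$store/.ecryptfs/wrapped-passphrase" ]; then
        echo "wrapped-passphrase missing: has $user logged in yet?" >&2
        return 1
    fi
    if [ ! -d "$store/.Private" ] || [ -z "$(ls -A "$store/.Private")" ]; then
        echo "no encrypted data under $store/.Private" >&2
        return 1
    fi
    return 0
}

# Report what may be removed. This function never deletes anything.
check_before_removal() {
    base=${1:-/home}; user=$2
    if migration_complete "$base" "$user"; then
        echo "Wrapped key and encrypted data found. Backup candidates:"
        list_plain_backups "$base" "$user"
    else
        echo "Keep the unencrypted backup for $user:"
        list_plain_backups "$base" "$user"
        return 1
    fi
}
```

Call it as `check_before_removal /home NEW_USER` from an account that can read /home/.ecryptfs, and compare the listed path with the one printed by ecryptfs-migrate-home.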

Please note that ecryptfs-migrate-home places the encrypted version of NEW_USER’s home directory in /home/.ecryptfs/NEW_USER, no matter what partition or directory the user’s home directory is located in. As this directory is hardcoded into the ecryptfs-setup-private script (which is called by ecryptfs-migrate-home), the easiest way is to temporarily change the path by